...
The beans defined in authn/ipaddress-authn-config.xml follow:
Bean ID | Type | Default | Function |
---|---|---|---|
shibboleth.authn.IPAddress.Mappings | Map<String,List<IPRange>> | Empty Map | The entry values are a list of CIDR address range strings to map to the username in the entry key |
shibboleth.authn.IPAddress.Transforms | List<Pair<String,String>> |
Pairs of regular expressions and replacement expressions to apply to the username | |
shibboleth.authn.IPAddress.resultCachingPredicate | Predicate<ProfileRequestContext> |
An optional bean that can be defined to control whether to preserve the authentication result in an IdP session | |||
shibboleth.authn.IPAddress.addDefaultPrincipals3.2 | Boolean | true | Whether to add the content of the supportedPrincipals property of the underlying flow descriptor to the resulting Subject |
V2 Compatibility
The authn/IPAddress login flow is the replacement for the 2.x IPAddress login handler. Configuration of address range mappings in handler.xml need to be ported into conf/authn/ipaddress-authn-config.xml.
Note that SAML 1 does not define an AuthenticationMethod constant for this kind of authentication, so only a SAML 2 AuthnContextClassRef is defined in conf/authn/general-authauthn.xml. An "unspecified" method constant will be used with SAML 1 unless configured otherwise.
...